Re: Rules to blocking MS-Messenger

[Eric Daigneault <scouby@xxxxxxxx>]

Those are the rules I use :

Try to include them in your script ....

# Block MSN
#/sbin/ipchains -A forward -s $all -d www.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d gfx.law9.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d gfx.pav1.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d loginnet.passport.com -j DENY
#/sbin/ipchains -A forward -s $all -d www.pav0.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d email.msn.com -j DENY
#/sbin/ipchains -A forward -s $all -d gateway.messenger.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d mail.yahoo.com -j DENY

Just try to ajust them to your needs....   The big key for msn is the 7th 
line !

Good luck

At 15:45 03/06/2003 +0200, you wrote:
> Well, ok, the best way is block all ms sites ;-D
>
>
> On Tue, 2003-06-03 at 14:39, Bruno Gimenes Pereti wrote:
> > Hi Sergio,
> >
> > Paranoic protection is not the solution, MSN Messager connects to port 80
> > when it can´t find port 1863. tcpdump is the best way to discover this 
> but I
> > think it´s easier to use netstat from the client host.
> > You will have to block a lot of server from Microsoft (at least port 80).
> > These is my rules from iptables to block one host (10.1.0.10).
> >
> > -A FORWARD -i eth2 -p tcp -m tcp -s 10.1.0.10 --dport 1863 -j DROP
> > -A FORWARD -i eth2 -p tcp -m tcp -s 10.1.0.10 -d 207.46.110.0/24 -j DROP
> >
> > in ipchains you will get something like this:
> >
> > -A forward -p tcp -d 0/0 1863 -j DENY
> > -A forward -p tcp -d 207.46.110.0/24 80 -j DENY
> >
> > Sometime ago I couldn´t open www.microsoft.com.br using this rules because
> > those servers used to be the one who redirect www.microsoft.com.br to
> > www.microsoft.com/brasil, but today I didn´t got this problem.
> >
> > Good luck.
> > Bruno Pereti.
> >
> > PS. Your english is not worst than mine. :^)
> >
> >
> > > > Hi friends,
> > > >
> > > > I am having problem for blocking ms-messenger.
> > > >
> > > > My firewall this based in packets filter and the policy
> > > > input/output/forward is ACCEPT.
> > > >
> > > > Already the following politics in firewall is implemented in the top
> > > > rules:
> > > >
> > > >   ipchains -A input -p tcp -d any/0 --destination-port 1863 -j DENY
> > > >   ipchains -A input -p tcp -d any/0 --destination-port 1864 -j DENY
> > > >   ipchains -A forward -p tcp -d any/0 --destination-port 1863 -j DENY
> > > >   ipchains -A forward -p tcp -d any/0 --destination-port 1864 -j DENY
> > > >   ipchains -A output -p tcp -d any/0 --destination-port 1863 -j DENY
> > > >   ipchains -A output -p tcp -d any/0 --destination-port 1864 -j DENY
> > > >
> > > >   ipchains -A input -p udp -d any/0 --destination-port 1863 -j DENY
> > > >   ipchains -A input -p udp -d any/0 --destination-port 1864 -j DENY
> > > >   ipchains -A forward -p udp -d any/0 --destination-port 1863 -j DENY
> > > >   ipchains -A forward -p udp -d any/0 --destination-port 1864 -j DENY
> > > >   ipchains -A output -p udp -d any/0 --destination-port 1863 -j DENY
> > > >   ipchains -A output -p udp -d any/0 --destination-port 1864 -j DENY
> > > >
> > > > However, these politics are not having validity, therefore my users are
> > > > obtaining to use this program.
> > > >
> > > > Somebody as some tip of as to block this software?
> > > >
> > > > Thanks a lot!
> > > >
> > > > Best regards.
> > > >
> > > > P.S.: Plese, it forgives for the horrible english. :-)
> > > >
> > > > --
> > > > ===================================
> > > >       Sergio A. Lima Junior
> > > >        Analista de Suporte
> > > > ===================================
> > > >  Servico de Atendimento ao Cliente
> > > >        Depto. de Suporte
> > > >       Gruponet Tecnologia
> > > >     sergio@xxxxxxxxxxxxxxx
> > > >   http://www.gruponet.com.br
> > > > ===================================
> >
> > ------------------------------------------------------------------------
> >      To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
> >          with "unsubscribe" in the subject of the message.
> --
>  -------------------------------------------------------------------
> | Andreu Sánchez Costa - Dep. Gestió de Sistemes - sistemes@xxxxxx  |
> | Tel: +34973234106 - http://www.iws.es/ - Internet Web Serveis     |
> | Fingerprint = 3ADA 69EF 4E84 DEC8 D219  6863 83F0 513E 06AE 46D1  |
> | GnuPG key: 06AE46D1 ( pgp.mit.edu - www.keyserver.net )           |
>  -------------------------------------------------------------------

-------------------------------------------------------
Eric Daigneault
Administrateur de systèmes
Vacances Air Canada
-------------------------------------------------------
courriel : edaigneault@xxxxxxxx
téléphone : (514) 876-0707 ext 3247
-------------------------------------------------------

------------------------------------------------------------------------
    To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
        with "unsubscribe" in the subject of the message.